Having worked through getting ISO27001 certification for a financial institution I found its not about the software but about processes and procedures. The software is very dependent on your environment.

You should certainly have some procedures and guidelines in place when creating an incident response plan. This really does depend on your environment though. You may not need to specify any software, it could be as simple as stating that you will call a qualified forensic/investigative team. It depends how deep you want to go.

Thanks for the feedback. Actually, I am working on a project that coordinates more than one CERT, like having a main point of contact for several CERTs where incidents can be escalated to other CERTs through this unit. Back to my original question: I would need a common incident handling software application that interfaces with the others, at the moment I am visiting each CERT to create a list of products used!